On Retaining Data Control to the Client in Infrastructure Clouds

A. Tjoa, D. Huemer, M. Descher, P. Masser, T. Feilhauer:
"On Retaining Data Control to the Client in Infrastructure Clouds";
Journal of Information System Security,5(2009), 4; S. 27 - 46.

[ Publication Database ]


Cloud computing allows delivering information technology power
on demand. Be it either the hosting of a certain web application
or the outsourcing of an entire server or data center by means of
virtualization. Applying these techniques however goes along with
handing over the ultimate control of data to a third party.
This paper investigates the application of Nimbus as a cloud
resource and shows an example implementation for retaining data
control to the user, based on virtual machine images encrypted
on the client side. This means that the procedures involved for
verifying validity and accessing the virtual machine are entirely
provided by the cloud client.
We provide a sample implementation of a secure virtual machine
consisting of an encrypted partition, containing the data to
be hosted, and a boot system, containing the logic to verify and
access the encrypted partition. The details of the implementation
are depicted, as applied on a cloud resource available within the
AustrianGrid project.